Firefox

Extension Overview

Provide a second-layer of security to detect attacks due to a compromised or malicious certificate authority.

Securely determine the validity of “self-signed” certificates that have not been signed by a certificate authority, avoiding the “scary” Firefox security error when it is safe to do so.

This plugin uses an existing set of Network Notary servers run by the Perspectives Project.

Using the Extension

When visiting HTTPS websites, Perspectives displays an icon that is either green (valid certificate) or red (invalid certificate). If a certificate fails the browser’s certificate authority validation (e.g., it is self-signed), but Perspectives deems this certificate to be secure, Perspectives will override the browser security error. Once Perspectives has used notary data to deem a certificate valid, that certificate is cached locally as “trusted”. You can configure Perspectives to cache these certificates either permanently or just for the current instance of the browser (default).

You will see a small Perspectives icon in your addon bar (lower right hand corner of the browser). If you hide the add-on bar, you can add the Perspectives button anywhere on Firefox by right-clicking on a toolbar, selecting “Customize”, and adding the Perspectives icon to the toolbar. You can also access a Perspective menu either by right-clicking on a webpage or via the “Tools” menu.

The Perspectives menu also provides access to a Help file and to a Preferences dialog that supports changing many of the defaults.

Known Issues

If your local network uses a proxy or firewall to access the Internet, it may prevent Perspectives from reaching notaries. As a result, all sites will fail verification

If going to a website with a self signed certificate causes a small error dialog to pop-up in front of a blank page, instead of showing a full error page, Firefox may be misconfigured in a way that prevents Perspectives from working. To check, type “about:config” (no quotes) into the browser URL bar. Click past Firefox’s warning, and then type ‘browser.xul.error_pages.enabled’ in the ‘Filter’ textbox at the top of the page. If the ‘Value’ column shows ‘false’ for this setting, double click the text ‘false’ to change it to ‘true’. ‘true’ is the default setting for Firefox 3, but some users have reported that their browser was set incorrectly.

Our code to override the Firefox security warning page for self-signed, mismatched, and expired certs is not perfect. Sometimes you will see the warning flash before our code overrides it.